FasterXML jackson-databind Issue

Article ID: 100206


Products

Endevor, Endevor Natural Integration, Endevor - ECLIPSE Plugin, Endevor - Enterprise Workbench

Issue/Introduction



We have identified a potential issue with Endevor Webservices. We found databind code in the Endevor directory of .../lib/EndevorService/jackson-databind-2.4.1.jar. This code is susceptible to CVE-2018-7489, which relates to FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5. How can this security vulnerability be fixed?

Environment

Release: ENDAE.00200-18-Endevor-Software Change Manager

Resolution

The upgrade of Endevor web services to use Jackson 2.9.5 has been included in a recent composite web services PTF for v18 increment 12.
Solution numbers SO00887 (base) & SO00888 (Web Services/Eclipse).
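
To confirm which jackson-databind jars an installation actually ships before and after applying the PTF, a check along the following lines can be run against the web services directory. This is an added example, not Broadcom or FasterXML code: the function names are hypothetical, the affected range is the one quoted in this article for CVE-2018-7489, and it assumes the jar keeps its standard jackson-databind-<version>.jar file name (renamed or repackaged copies are not detected).

```python
import re
import sys
import tempfile
from pathlib import Path

# Affected range as quoted in this article for CVE-2018-7489:
# jackson-databind before 2.8.11.1, and 2.9.x before 2.9.5.
FIXED_28 = (2, 8, 11, 1)
FIXED_29 = (2, 9, 5, 0)
# Numeric version, then an optional qualifier such as ".pr1" or "-SNAPSHOT".
JAR_RE = re.compile(r"^jackson-databind-(\d+(?:\.\d+){1,3})([.-][A-Za-z0-9.]+)?\.jar$")


def parse_version(text):
    """Turn '2.8.11.1' into (2, 8, 11, 1); shorter versions are zero-padded."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version):
    """True if the version tuple falls inside the range quoted above."""
    if version[:2] == (2, 9):
        return version < FIXED_29
    return version < FIXED_28


def scan(lib_dir):
    """Return sorted (relative path, version, affected) for each databind jar."""
    root = Path(lib_dir)
    findings = []
    for jar in root.rglob("jackson-databind-*.jar"):
        match = JAR_RE.match(jar.name)
        if match:
            version = match.group(1)
            rel = jar.relative_to(root).as_posix()
            findings.append((rel, version, is_affected(parse_version(version))))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed sample tree so the script runs without a real install.
        target = tempfile.mkdtemp()
        sample = Path(target, "lib", "EndevorService")
        sample.mkdir(parents=True)
        for name in ("jackson-databind-2.4.1.jar", "jackson-databind-2.9.5.jar"):
            (sample / name).touch()
    for rel, version, affected in scan(target):
        print(f"{'AFFECTED' if affected else 'ok':8} {version:10} {rel}")
```

Pass the installation root as the first argument; with no argument the script scans a constructed sample tree.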